Author Topic: Proc.RunPE found, need some advices.  (Read 8137 times)

0 Members and 1 Guest are viewing this topic.

August 12, 2016, 03:36:47 PM

Kryss1621

  • Newbie

  • Offline
  • *

  • 8
  • Reputation:
    0
    • View Profile
Proc.RunPE found, need some advices.
« on: August 12, 2016, 03:36:47 PM »
Greetings,

As said, my last Roguekiller scan detected a Proc.RunPE in C:\Windows\System32\SearchFilterHost.exe

I don't know if it's a false positive, but since that exe is in System32 I don't think I can delete it like that so ...

Here are the reports, in txt and json.

Thanks in advance for the help.
« Last Edit: August 14, 2016, 07:30:33 PM by Kryss1621 »

Reply #1August 14, 2016, 11:38:12 AM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: Proc.RunPE found, need some advices.
« Reply #1 on: August 14, 2016, 11:38:12 AM »
Hi Kryss,

This detection is likely a false positive.
Please follow the following process :
  • Download Process Explorer and save it to your desktop.
  • Click on the setup file (procexp.exe) and select Run as Administrator to start the tool.
  • Locate the process named SearchFilterHost.exe, right click select Create Dump > Create Full Dump...
  • Save the dump on your desktop, compress it and upload it on Google Drive/Dropbox.
  • Share the link in your next reply.
  • Please zip the following file and upload it as well : C:\Windows\System32\SearchFilterHost.exe
Regards.

Reply #2August 14, 2016, 04:50:07 PM

Kryss1621

  • Newbie

  • Offline
  • *

  • 8
  • Reputation:
    0
    • View Profile
Re: Proc.RunPE found, need some advices.
« Reply #2 on: August 14, 2016, 04:50:07 PM »
Thanks, here are the links.

-

-

I did two new scans just to be sure. The first one didn't find anything, and the second did find rundll32.exe as a Proc.RunPE, once again.

Here is the link for the reports. I couldn't find it on procexp however.

-
« Last Edit: August 14, 2016, 07:30:23 PM by Kryss1621 »

Reply #3August 14, 2016, 06:15:41 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: Proc.RunPE found, need some advices.
« Reply #3 on: August 14, 2016, 06:15:41 PM »
Hi Kryss,

Thanks for the files. This is a confirmed false positive.
We will fix this as soon as possible.

Regards.

Reply #4August 14, 2016, 07:30:55 PM

Kryss1621

  • Newbie

  • Offline
  • *

  • 8
  • Reputation:
    0
    • View Profile
Re: Proc.RunPE found, need some advices.
« Reply #4 on: August 14, 2016, 07:30:55 PM »
That's reassuring, thanks for the help.

Regards.

Reply #5August 14, 2016, 08:07:08 PM

Curson

  • Global Moderator
  • Hero Member

  • Offline
  • *****

  • 2809
  • Reputation:
    100
    • View Profile
Re: Proc.RunPE found, need some advices.
« Reply #5 on: August 14, 2016, 08:07:08 PM »
Hi Kryss,

You are welcome.

Regards.